The prospects of agreeing a proposed Europe-wide data privacy rules by spring next year, a key objective of the European Commission, look in doubt after EU ministers last week failed to agree on the concept of a one-stop-shop for data protection.

Justice ministers representing the 28 member states attempted to reach agreement on the proposed data protection regulation at a meeting in Brussels last week (6 December).

The reform aims to unify national data protection regimes, making it easier for businesses operating across territories who would deal with a single data protection authority – a so-called ‘one-stop-shop’ – in the country where they are based. The proposal also envisages that citizens should be able to rely on such a one-stop shop across the bloc’s 28 individual data protection authorities to safeguard their data protection rights.

Germany resists a one-stop-shop

But Germany proved the most resistant to the one-stop-shop proposal at last week's meeting, and received backing by ministers from the Czech republic, Denmark and Hungary.

“This proposal involves replacing all of the German consumer rights on data protection – which is around 100 pages – and we therefore have to be careful that our high standards remain,” Ole Schr?der, secretary of state in the German federal ministry of the interior said at the outset of the meeting.

“Harmonisation, yes, but not at any price,” Schr?der added, when asked if he believed whether – in the light of the NSA scandal – the data protection regulation should be pushed through more quickly.

Meanwhile the UK and Sweden, whilst favouring the one-stop-shop proposal, continue to argue that the regulation should instead be a directive, allowing member states greater flexibility in transposing the rules.

“We worked intensively during the entire period of our presidency on this, however there is a significant gap in member states positions on this,” said Juozas Bernatonis, the Lithuanian justice minister who was chairing the meeting.

Ministers agreed in principle to the one-stop-shop principle in October, so the failure represented a blow to achieving agreement on a complicated dossier.

“Today’s meeting was a disappointing day for data protection… today we have moved backwards and I am very disappointed about that, because a swift agreement would be important for our citizens as well as our companies,” said Viviane Reding, the EU's Justice Commissioner.

Parliament's rapporteur reactsangrily

Lawmakers in the European parliament’s civil liberties committee voted in October to strengthen Europe's data protection laws, including plans to impose fines of up to €100 million on companies such as Yahoo!, Facebook or Google if they break the rules.

The Parliament, and Reding, have consistently tied the need for stronger data protection to acknowledge alleged privacy abuses arising from information leaked by former US espionage contractor Edward Snowden.

“It’s just ridiculous. The German government has talked about data protection throughout the last months, Chancellor Angela Merkel said it is priority and then the German interior minister is going to Luxemburg and Brussels and doing exactly the opposite,” said German Green MEP Jan Philipp Albrecht.

“They use the argument that they are safeguarding German consumer rights, but these arguments are lies, because the Parliament has insisted on consumer protections which are of exactly the same standards as those in Germany,” Albrecht added.

Positions

“ICDP welcomes VP Reding’s reiteration of the importance of the One Stop Shop as a vital pillar of the Regulation and appreciates that the Council members continue their work on the details of the mechanism. We will continue to be a constructive partner to help achieve a positive outcome that will benefit citizens and industry alike,” said Siada El Ramly, director general of the European Digital Media Association (EDiMA).

Background

The European Commission published in January 2012 a broad legislative package aimed at safeguarding personal data across the EU.

The package consists of two legislative proposals: a general regulation on data protection (directly applicable in all member states) and a specific directive (to be transposed into national laws) on data protection in the area of police and justice.

Timeline

2013: Updated data protection rules continue to be negotiated by European Parliament and European Council